Survivable systems and outsourced services

Mission

The survivable systems and outsourced services research area focuses on the development of highly security-critical systems as well as defensive mechanisms against common coordinated threats, such as botnet and malware detection and defense. Moreover, it extends this scope to the security of outsourced services. The success of the cloud and everything-as-a-service paradigm has made the outsourcing of computing and services a business reality. The resilience and security of these systems and services, and better understanding and preventing current large-scale attacks against them, constitutes a key factor in establishing and retaining trust in IT systems.

Furthermore the outsourcing and distribution of computing leads to new threats for privacy and data confidentiality. Our work in this area addresses the complete spectrum from resilient high-performance distributed computing, to malware and botnet detection and defense, to privacy-preserving outsourced web user analytics.

Publications

What Cannot be Read, Cannot be Leveraged? Revisiting Assumptions of JIT-ROP Defenses

Detecting Hardware-Assisted Virtualization

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

Datensicherheit (technisch-organisatorische Maßnahmen)

sec-cs: Getting the Most out of Untrusted Cloud Storage

SPARTA: A Scheduling Policy for Thwarting Differential Power Analysis Attacks

Uses and Abuses of Server-Side Requests

SandPrint: Fingerprinting Malware Sandboxes to Provide Intelligence for Sandbox Evasion

In the Compression Hornet's Nest: A Security Study of Data Compression in Network Services

Learning How to Prevent Return-Oriented Programming Efficiently

Fully Secure Inner-Product Proxy Re-Encryption with constant size Ciphertext

Cashing Out the Great Cannon? On Browser-Based DDoS Attacks and Economics

Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Towards Detecting Anomalous User Behavior in Online Social Networks

Automating the Choice of Consistency Levels in Replicated Systems

Formal Specification of a Generic Separation Kernel

Privacy-preserving audit for broker-based health information exchange

Paint it Black: Evaluating the Effectiveness of Malware Blacklists

On Measuring the Impact of DDoS Botnets

On Advanced Monitoring in Resilient and Unstructured P2P Botnets

Automated Fixing of Programs with Contracts

Declarative Design and Enforcement for Secure Cloud Applications

Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks

Reconstructing AES Key Schedules from Decayed Memory with FPGAs

A compositional modelling and analysis framework for stochastic hybrid systems

An Internet Inspired Approach to Power Grid Stability

A Programming Language Approach to Fault Tolerance for Fork-Join Parallelism

CompCertTSO: A Verified Compiler for Relaxed-Memory Concurrency

MrCrypt: Static Analysis for Secure Cloud Computations

Modelling, Reduction and Analysis of Markov Automata

Logical Foundations of Secure Resource Management

Peer-assisted Content Distribution in Akamai Netsession

Automatic recovery from runtime failures

Elephant, Do Not Forget Everything! Efficient Processing of Growing Datasets

Mosquito: Another One Bites the Data Upload STream

Reconstructing Core Dumps

The impact of tangled code changes

The Uncracked Pieces in Database Cracking

Towards Zero-Overhead Static and Adaptive Indexing in Hadoop

Where Should We Fix This Bug? A Two-Phase Recommendation Model

WWHow! Freeing Data Storage from Cages

Policy-Sealed Data: A New Abstraction for Building Trusted Cloud Services

Dependability Results for Power Grids with Decentralized Stabilization Strategies